Author Topic: Site-to-site VPN issue  (Read 5252 times)

cakemonitor

« on: February 03, 2014, 03:32:26 AM »

Hi,

I've recently started working with a company who have a D-Link DFL-260E in the office and it connects to an off-site rackspace server running Windows Server 2012 R2. Another employee who left before I joined the company had configured an always-on site-to-site VPN to connect the two; most of the time it works fine but occasionally (once or twice a month) the link fails. I've been left workaround instructions on how to reinstate the link each time it fails [log on to the Windows server via its public IP, delete the route, restart the Routing and Remote Access service, re-add the route].

I appreciate that it might be a Windows problem and not a D-Link issue, but with the routing expertise on this forum I hoped someone would be able to advise how I can track down the cause of the fault.

The D-Link router has VPN Objects configured in its Address Book as follows:
  • VPNServer - <public IP address of remote server>
  • VPNNetwork - 172.16.5.0/24

A route has been set up on the D-Link as follows:
  • Tunnel Protocol - PPTP
  • Remote Endpoint - VPNServer
  • Remote Network - VPNNetwork
  • Authentication - <service account on Windows Server>

The D-Link also has a LAN interface defined and acts as a DHCP server for the office PCs on subnet: 172.16.3.0/24

On the Windows server, Routing and Remote Access is set up to enable the computer as an IPv4 router (LAN and demand-dial routing) and as an IPv4 Remote access server; authentication and accounting is provided by Windows; and on the IPv4 tab Forwarding is enabled with a static pool from 172.16.5.1 to 172.16.5.2.

I've had a look in the %windir%\tracing logs, but there was very little info there. I also checked the Windows event logs and found the following logged multiple times under the 'RemoteAccess' source:
  • EventID 20253 - Error: The user <s2s-service-account> connected to port VPN3-126 has been disconnected because no network protocols were successfully negotiated.
  • EventID 20167 - Warning: No IP address is available to hand out to the dial-in client.
  • EventID 20271 - Warning: The user <various> connected from <changing IPs> but failed an authentication attempt...

The first two seem very relevant?!
(And I assume the latter is people trying to brute-force a connection by guessing credentials and I suppose there's not a lot I can do about that.)

Is there anywhere else I can look for further info in diagnosing this problem?

Can anyone recommend a fix?

Thanks for any help / advice you can offer.

FurryNutz

Re: Site-to-site VPN issue
« Reply #1 on: March 03, 2014, 09:53:39 AM »

I recommend that you contact your regional D-Link support office by phone and get immediate help and information on this.
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
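
Added example, not part of the original posts: one way to check whether the 20167 and 20253 RemoteAccess events quoted in the first post actually coincide, and how concentrated the 20271 failed logons are per source address. The pipe-delimited export format, the sample lines, the 30-second window and the threshold of 3 are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export (not from the post): "timestamp|event id|message".
# IPs are documentation ranges; user names are placeholders.
SAMPLE = """\
2014-02-01 08:59:58|20271|The user admin connected from 203.0.113.7 but failed an authentication attempt
2014-02-01 09:00:01|20271|The user test connected from 203.0.113.7 but failed an authentication attempt
2014-02-01 09:00:03|20271|The user backup connected from 203.0.113.7 but failed an authentication attempt
2014-02-01 09:00:05|20271|The user guest connected from 198.51.100.9 but failed an authentication attempt
2014-02-01 09:14:10|20167|No IP address is available to hand out to the dial-in client.
2014-02-01 09:14:11|20253|The user s2s-service-account connected to port VPN3-126 has been disconnected because no network protocols were successfully negotiated.
2014-02-01 11:30:00|20253|The user s2s-service-account connected to port VPN3-125 has been disconnected because no network protocols were successfully negotiated.
"""

def parse(text):
    """Return sorted (timestamp, event_id, message) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        events.append((ts, int(parts[1]), parts[2]))
    return sorted(events)

def triage(events, window=timedelta(seconds=30), threshold=3):
    """Correlate 20253 disconnects with earlier 20167 warnings; count 20271 sources."""
    no_ip = [ts for ts, eid, _ in events if eid == 20167]
    # For each disconnect, was a "no IP address available" warning logged just before it?
    disconnects = [(ts, any(timedelta(0) <= ts - t <= window for t in no_ip))
                   for ts, eid, _ in events if eid == 20253]
    sources = Counter()
    for _, eid, msg in events:
        m = re.search(r"connected from (\d{1,3}(?:\.\d{1,3}){3})", msg)
        if eid == 20271 and m:
            sources[m.group(1)] += 1
    # Keep only sources at or above the failed-logon threshold.
    noisy = {ip: n for ip, n in sources.items() if n >= threshold}
    return disconnects, noisy

if __name__ == "__main__":
    for ts, preceded in triage(parse(SAMPLE))[0]:
        print(ts, "preceded by 20167:", preceded)
    print("sources over threshold:", triage(parse(SAMPLE))[1])
```

A disconnect flagged `True` was logged within the window after an address-pool warning; one flagged `False` was not and needs a different explanation.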